Interview with Patrick Kim - Uppsala Security Founder & CEO
1. Hello! Please introduce the Sentinel Protocol to our readers. What this protocol is all about and how can it be used right now in Q1 of 2022?
Hello to all the readers! Sentinel Protocol is a project that was initiated in the first half of 2018 by Uppsala Security, a company with the HQ in Singapore and offices in Seoul - South Korea and Tokyo - Japan. It is a project that has an immediate and very important use-case for the Q1 of 2022 and beyond, as it provides tools and solutions for challenging problems such as malicious activities involving cryptocurrencies and digital assets, money laundering, fraud, theft of blockchain based assets, etc. These are issues that are not only important for end users and adopters of innovative technologies but also for regulatory bodies, as they provide solutions for a safer & global decentralized ecosystem and economy.
2. What triggered the creation of the Sentinel Protocol concept? What has made the founders of Uppsala Security focus on cybersecurity?
The majority of the team comes from the traditional cybersecurity sector and we all have a deep understanding and passion about this field. We spotted a lack of security solutions in the decentralized space from early on and this was actually triggered by an unfortunate personal experience: in 2016 I experienced the loss of 7,218 Ethereum tokens from a geth-mist wallet due to previously unrecognized security vulnerabilities. Blockchain based solutions and cryptocurrencies are amazing at providing an alternative to centralized systems and currencies, but we can’t overlook the fact that just as the fire, cash or fiat currencies - cryptocurrencies can also be used with a malicious intent or are susceptibile of risks. We are starting to see more and more solutions focused on regulatory frameworks, transaction tracking & monitoring, etc. but we were the first project that built a crowdsourced Threat Intelligence platform - meaning that end users all around the world could contribute to security solutions by whitelisting or blacklisting data. This is not only a more inclusive approach, relatable to the decentralized ecosystem, but it also offers close to real-time Threat Intelligence data to corporate customers, partner organizations and world-wide users interested in protecting their valuable digital assets.
3. Do you think that currently, huge networks such as Bitcoin and Ethereum are not decentralized that well? What is the scale of the 51% attack threat for major networks?
We are not so much focused on the security of the blockchain networks themselves or the smart contracts but rather on the usage of the digital assets and how these are handled, transacted, monitored and tracked. But to answer the question, from our perspective, the blockchain trilemma (the balance between security, decentralization, and scalability) is not yet solved. Bitcoin is excelling at the decentralization and security aspect (after all it is the “oldest” cryptocurrency and thus the cryptocurrency that has the longest history of not being hacked) but lacks when it comes to scalability. On the other hand, Ethereum is working on the scalability aspect as well focused on both Layer 1 and Layer 2 solutions but the decentralization aspect can lead to interesting discussions. Besides these two networks we observed multiple ecosystems expanding in recent years, such as Cosmos and Solana, that are making great progress towards solving these challenges. The next few years are going to be very interesting from this perspective and we are very likely to see more and more projects that will achieve a higher decentralization point compared to today.
4. What are other security threats that Sentinel Protocol can help overcome?
We build products and services that can be used to both prevent and also solve issues once a user/organization was affected by malicious activities. As an example, one of the products focused on preventing threats is called the Crypto Analysis Risk Assessment (CARA) - an intuitive machine-learning solution that classifies the risk level of crypto addresses based on learned behaviors of both known malicious wallets and normal wallets. This means that by using CARA, users will receive a generated safety score for a designated crypto wallet address based on machine learning and artificial intelligence. Users are free to proceed with the transactions even if the generated score is a discouraging one but it is an extremely useful tool as it can prevent transactions involving high-risk wallets.
5. Please tell us more about the Threat Reputation Database.
As mentioned during one of the previous questions, we are the first project to build a crowdsourced Threat Inteligence data hub, also known as the Threat Reputation Database. We actually took the decentralized space to the next level and involved the users in the process. We have currently gathered more than 60 Million Threat Indicators which, through our products and solutions, are actually defending and safeguarding worldwide users. In simple words, the products built by our team and used by both end users, corporations and organizations, tap into the Threat Reputation Database for reliable whitelisted and blacklisted data.
Products such as the UPPward Browser Extension (Chrome, Brave, Firefox and Edge) — a free of charge one-stop protection solution against crypto scams and fraud, Crypto Analysis Transaction Visualization (CATV) tool — a forensic tool that creates an easy to use graphic visualization of both incoming and outgoing transaction flows of an inspected wallet which fits perfectly within investigations or the Interactive Cooperation Framework API (ICF API) — that enables any subscribers to query the crowdsourced Threat Intelligence Database in real-time, complement each other in fighting against Money Laundering, Fraud and Terrorist Financing while, at the same time, helping with regulatory compliance. All of these products have as backbone the Threat Reputation Database.
6. What are the gaps in the development of many cryptocurrencies and blockchain-based projects that put their security in jeopardy? Are there threats that end-users or developers tend to underestimate?
I personally think that security is always underestimated until a full on attack is experienced. The truth is that there will always be a risk of an attack, but the main idea is to minimize that risk as much as possible. There are quite a few things that contribute to a lower security: not testing the code/smart contracts as much as needed due to the pressure of the market or competition, a slight feeling of ignorance due to the fact that attacks don’t feel real until they do happen, not testing the employees as much as required - which can lead to social engineering event, etc. Most of these are quite normal in a space that is still mostly experimental, but as a community and ecosystem, if we want to be taken seriously by the world and especially by the entities/institutions/regulators that are more conservative we should, collectively, pay more attention to it. There are already simple best-practices available, due to so many unfortunate events that took place until now, that can really have a positive impact on the security of the whole ecosystem: we learn from our mistakes and we become antifragile.
7. What are the Sentinel Protocol guarantees to its users? What do you do to fulfill your promises and keep on developing?
We mostly let our products and services be the guarantee of our work and commitment. Since 2018 we have built a complex product suite of complementary cybersecurity products and services that have been used to both prevent and track down significant amounts of digital assets that would have otherwise been lost. We are more motivated than ever to continue working on protecting worldwide adopters of innovative products and technologies and to support the spread of decentralized solutions for a more efficient and individual-focused economy. Just as an example, over the last year we managed to not only track down stolen digitaal assets but we also were able to recover some of the lost assets - something that was actually a first in the space because as we all know, blockchain based transactions are irreversible and, as believed until now, once assets are lost they can never be recovered. Our team proved that by building reliable tools and solutions, some things that were believed to be impossible are actually possible.
8. Why does the Sentinel Protocol team prefer Delegated-Proof-of-Stake over other consensus mechanisms?
Besides being a faster and better solution for the environment (as Proof of Stake consumes way less energy than Prook of Work) it is also more dynamic & inclusive. Holders of crypto assets generated through the Proof of Stake consensus mechanism can get involved in the governance decisions by delegating their stake to Validators that are actively contributing to the well being of the network, its security, development, etc. Although one can never be sure of what new solutions migh be adopted in the future, Proof of Stake has proven to outperform Proof of Work in many aspects until now, the reason why most of the networks are using this consensus mechanism.
9. In your opinion, how much time will the blockchain industry need to cement its place in everyday life and become more stable and predictable? What are the main problems that should be solved for it?
The blockchain industry, just like any other industry in their early stages, is really unpredictable. However, we finally have a short history of more than 10 years during which an immense amount of progress has been made. If we think now about the ICO phase and compare it with the current NFT phase, it is almost impossible to believe that there are only a couple of years separating them. I believe that the industry will become more stable in time due to the fact that more users coming from the traditional space will join the ecosystem but I surely do not think it will ever be predictable. In a way, I believe that users have to be more adaptable to change and this ability will make the difference between success and stagnation. Looking back over the recent couple of years we can witness a strong progress that has been made but challanges such as solving the blockchain trilemma, regulation, centralization of power, etc. still have to be worked on and we are ready to contribute by doing our part.
11. Where can users find out more about your project?
We invite everyone to visit our official website, uppsalasecurity.com, where they can find out more information about our products and how they can contribute to a safer cyberspace. Also, we always share our latest updates on our Twitter and Telegram channels, so we are excited to welcome anyone that wants to join us in our journey.
Thank you for taking time for this conversation!